From time to time, it’s useful to review the specific HIPAA Privacy and Security regulation requirements addressed to workforce training to ensure that current training initiatives and compliance documentation reflect the requirements of the regulations. Here, in a nutshell review, are the requirements:

The Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) was enacted to protect private individually identifiable patient information, provide for electronic and physical security of patient and health information, and implement the use of standard transactions and billing code sets. HIPAA compliance is required of all covered entities, which include (1) healthcare providers that conduct certain transactions in electronic form, (2) healthcare clearinghouses, and (3) health plans. To implement the security and privacy safeguards created by HIPAA, a covered entity must ensure that its workforce is properly trained to follow guidelines found within the Act’s “Administration Simplification” provisions (which established standards for electronic health care transactions and national identifiers for providers, health plans, and employers to ensure the security and privacy of healthcare information). A covered entity’s workforce is defined as its employees, volunteers, trainees, and other persons whose conduct, in the performance of work for the covered entity, is under the direct control of such entity, whether or not they are paid by the covered entity. To be in compliance with HIPAA, a covered entity must ensure that its entire workforce follows the privacy and security requirements found within the Act.

It’s good to review the HIPAA workforce training requirements periodically, to make sure that training and compliance documentation efforts haven’t fallen between the cracks. Each covered entity must complete workforce education, audit its training program on a periodic basis, and ensure that all new hires are properly trained. The training program should include:

Proper and timely training of the workforce members on HIPAA requirements, according to each member’s position;